Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ship pfblockerbg-devl logs?

    pfBlockerNG
    3
    4
    492
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      beachbum2021
      last edited by beachbum2021

      What is the easiest method to forward all pfblocker logs to my log analyzer? ManageEngine is only receiving logs from syslog but I want to see the top blocked domains in the dnsbl log as well.

      1 Reply Last reply Reply Quote 1
      • R
        rtw915
        last edited by rtw915

        I only use the alias option in PfblockerNG, but I think it leverages the regular filtering table regardless of the method. As such you should be able to filter on the tracking ID associated with the rule. Make sure your have log box checked on the rule.

        f1411c78-5ec1-46fc-b5be-833347c5798e-image.png

        And then on the remote syslog configuration page check the Firewall Events box

        58ad8ecf-11ca-4c9e-a8a0-6d878835339b-image.png

        Since the Alias is of a collection of feeds, that rule would be of all the feeds in the collection. It would be cool to correlate a specific block with a particular feed in an external logging system, but I don't think that is possible.

        BBcan177B 1 Reply Last reply Reply Quote 0
        • BBcan177B
          BBcan177 Moderator @rtw915
          last edited by

          @rtw915
          As an example:
          https://www.reddit.com/r/pfBlockerNG/comments/bu0ms0/pfblockerngtelegrafinfluxdb_ip_block_list/

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          R 1 Reply Last reply Reply Quote 0
          • R
            rtw915 @BBcan177
            last edited by

            @bbcan177 said in ship pfblockerbg-devl logs?:

            @rtw915
            As an example:
            https://www.reddit.com/r/pfBlockerNG/comments/bu0ms0/pfblockerngtelegrafinfluxdb_ip_block_list/

            That is cool! I did not know that was possible. I saw in your Reddit post that you stated "pfSense doesn't have a lot of graphing/logging functionality." I 100% agree with you that it should not be part of the firewall, but it would be awesome to have a Netgate preferred solution like Graylog with a step by step guide to integrate the logging from the firewall and its common packages into a centralized visualization platform.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post